Privacy is only leaked when a data breach happens at exchanges. These exchanges ask for our identity verification and ask for our details; they then store it, and when these data breaches happen, our identity gets leaked and privacy is hampered. Regarding security, if we store the coins in online exchanges or wallets, then definitely our coins will get hacked, so yes, store the coins in an offline wallet only. Moreover, regarding privacy, try to avoid exchanges and do P2P deals as much as you can.
It is likely, if not a certainty, that the data you share with exchanges is not only shared with several different governments; it is likely that such information is also shared with other private companies which are interested in profiling you so their advertising can be even more personalized. So it is important that, if you want to use centralized exchanges, you use the smallest number of them possible as a way to reduce how many times your data is shared.
I think as long as your money is safe, the information is not a big deal. For example, I do not know where one of them found me, but a local exchange in my nation found out who I was and that I had money in crypto. Now, I didn't share this with them, which means they found it somewhere themselves; that's not normal. However, all they did was call me up and ask me to use them instead, and offer me some marketing stuff, like bonuses or promotions and such, which basically ended up with nothing.
This is why I believe that the best thing to do would be making sure that we are dealing with this a lot more carefully. I understand that it's not going to be easy, but we could definitely make it work as much as we can; we just need some time with it.